April Fools
Though many sites vary in their observance of April Fool's Day, it does make it more difficult to filter the legitimate from the irrelevant in terms of Information Security research. News stories such as China purchasing Google, US President George Bush installing himself for a third term, and Duke Nukem: Forever is available for review are simple enough to pick out as being fake. However, there are many reports every day of the year which are difficult to interpret unless you are a subject matter expert on that particular technology, and even then there is no guarantee that you will be able to determine whether or not a claim is legitimate.
This has the unfortunate side effect that people readily dismiss what they do not know and prefer to remain ignorant of the real threats because they are unable to work out how something is happening - basically a return to the 'black box' method of operations. Most worrying is when this trend extends to companies that people rely upon for security or protection of their sensitive financial and personal data.
In research which has been correlated by Zone-h, the global authority on website defacement / digital attacks, S?nnet Beskerming has observed that more than 80% of system administrators and webmasters tend to ignore reports of damage / attacks against sites that they are responsible for. Whether this is because the reports get eaten by spam filters or the administrators merely do not reply to notification is not known.
The more worrying statistic is that the next greatest percentage of administrator responses is to threaten and accuse those who report the damage of being responsible for the hack / defacement. Finally, there is a very small percentage (almost statistically insignificant) of administrators that respond positively to defacement notification.
Aussie ISPs Breached
A similar situation was observed in the last week when two Australian ISPs were affected by problems with their primary web presence. In the first case, a Sydney based ISP was affected when a customer discovered that it was possible to view billing and call details for any customer by changing some parameters in one of the forms on the 'LiveBilling' area of the ISP's site. It was also demonstrated that it was possible for non-customers to gain access to the data.
Following publication of the issue by a major news agency, the affected area of the site was taken offline with the only reason being given as difficulty with 'security locks'. Even though a number of customers had contacted the ISP about the issue with little response from the ISP, it took massive publicity for it to begin being addressed. While no financial data was exposed, there was still a lot of privacy information readily available.
The second case affected a Queensland based ISP rated as one of Australia's best, which had its web site compromised by foreign hackers. Rather than defacing the main page (which would have led to a rapid repair and investigation), the defacement was out of the way and unlikely to have ever been found through normal web surfing. While this case has not received any publicity, it is likely that the attackers have gained access to sensitive databases and customer information.
Given the earlier statistic about the responses by system / site administrators, the chances are not good for customers of this second ISP for a resolution soon. If any readers of this column are customers of an ISP based in southern Queensland, it would be prudent to check your financial and other personal details.
Affects Phishing
The same problem is affecting everyday users with the improvement phishers are demonstrating in improving the effectiveness of their attacks. The improvement of the attacks is getting to the point that most of the advice being given to users in how to detect and avoid being suckered by a phish attempt is becoming irrelevant. The last several days saw reports of banks having their websites compromised, redirecting requests for the legitimate site to locations that the attackers controlled.
Although the reported cases were fixed quickly, S?nnet Beskerming has found and reported cases where financial institutions have had their sites (including intranets that were improperly configured) exposed to the outside world and which had been under the surreptitious control of attackers for some time.
3 April 2006
Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.
Comments will soon be available for registered users.
Subscribe to our feed.